Hackers Attack DDoS Defense Hosting Firm

Credit card and other personal information was exposed in a data breach of Internet hosting provider Staminus Communications, which specializes in protection against distributed denial-of-service attacks. The company hosts the website of the Ku Klux Klan white supremacist group, which was also brought down.

Hackers reportedly disrupted access to the website of Staminus Communications for at least 20 hours on March 10, and by March 14, staminus.net appeared to still be inaccessible. The Klan's website also appeared to remain offline.

Staminus' homepage on March 11 initially featured a statement from CEO Mat Mahvi acknowledging the outage, although claiming that "global services, as well as most auxiliary services, are back online for our customers."

The hosting firm has also warned that attackers appear to have stolen and leaked customer data. "Based on the initial investigation, we believe that usernames, hashed passwords, customer record information, including name and contact information and payment card data were exposed," Mahvi said in the statement. "It is important to note that we do not collect Social Security numbers or tax IDs."

But as of March 14, both the website - and that statement - still appeared to be only intermittently inaccessible, if at all.

Pilfered Data Reportedly Seen Online

A huge trove of data from Staminus appeared online, in a classic "hacker e-zine" format, according to Krebsonsecurity.com, which was the first to report on the incident. The page includes links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks.

"The authors of this particular e-zine indicated that they seized control over most or all of Staminus' Internet routers and reset the devices to their factory settings," the Krebs report says. "They also accuse Staminus of 'using one root password for all the boxes,' and of storing customer credit card data in plain text, which is violation of payment card industry standards."

Overly Optimistic

Hours after the outage, Staminus posted overly optimistic Twitter posts promising service would be shortly restored.

Global services are now back online, ancillary services are currently being brought back online. We expect full service restoration soon.

Staminus says it had notified law enforcement, including the FBI, once it learned its website was breached. "While the investigation continues," Mahvi says, "we have and will continue to put additional measures into place to harden our security to help prevent a future attack."

Although the exposed passwords were protected with a cryptographic hash, Mahvi urges customers to change their passwords.

Staminus says it notified its payment processor and all card brands so that they could monitor for fraudulent activity. The company advises its customers to regularly check their credit and debit card statements to see whether any fraudulent or suspicious activities occurred.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;